Hi,
I have an RT-AC66U running Merlin 374.40 (at least at this point).
I have a web server which I would like to somehow isolate from other LAN devices. (This web server is inside ESXi, so I'm just mentioning it in case there is some ESXi routing that could achieve LAN separation as an option if there is no other way of accomplishing what I want.)
What would be the best practice to achieve this, as I think this would be safer on the security side?
I haven't yet tried any configurations myself because after a little bit of research I discovered that the virtual DMZ option seems not to be the DMZ option I thought it was. It seems to just forward all the packets from the web to this IP (inside the same LAN). From what I understand and have read, this machine would still be able to access all the devices in the same LAN.
Would some port forwarding rules be possible or wise to accomplish what I want?
Something like setting up a virtual port server / port forwarding of one port to the web server's IP address, and setting some port forwarding or firewall rules to limit all access from the web server to other LAN devices?
So I would like to be able to connect from this web server to the internet to get updates. I would like to be able to connect from the LAN to this server so I can change config (not necessary, because I would still have ESXi console access).
I would like this web server not to have any access to the machines on the same LAN it is connected to.
I do not have any experience in this area.